Group security - can issues be restricted by group?

We have vendors working on our project as well as an internal dev team. We need to be able to let vendors see only the JIRA issues relevant to them. So how can we do this? Can we create a group for each vendor and only give them access to issues that have a particular value in a field...I'm thinking of doing this off a Component field so that if they are working on that component, they'd have access to see the JIRA issues on it. Will this work? Also, is this only possible on premise or can this be done in the cloud?

If you are interested to only show some issues only for certain groups, you might be interested in configuring the Issue Level Security. Possibly, you can have the Issue Security by default to be showing Reporters and Internal team only.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Thanks but does this cover my scenario? I can't tell from the detail in the Issue Level Security write up. Here is my specific example. We have one project called project X. I have 3 groups: Internal, Vendor 1 and Vendor 2. Internal users can have access to see any issue in JIRA. Vendor 1 is limited to see only issues that are for component 1. Vendor 2 is limited to only see issues that are for Component 2. The issue itself would have a component field and values 1 and 2. So for issues with component value 1, only vendor 1 and internal users should be able to see, search, access them. For isses with component 2, only vendor 2 and internal users shoudl be able to see, search, access them. Is this possible with issue level security or any other feature in JIRA...and also only on premise? or also via cloud?

I'm thinking that you could have the two issue security level. One is only for Internal + Vendor1, while the second is Internal + Vendor2. Question is, who create the issues? If it is the internal users, you can allow the permission for only Internal users to set the security level and set them according to the components.

If the issues are being created by all of the three groups, then I think you might want to have a simple modification/customization on the issue security level. The script would check if the reporter is from which group and set the issue security level on creation accordingly.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.